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Claims 

What is claimed is: 

1 . A method for allowing a user to comiect to a privacy network comprising: 

connecting to the network; 

receiving a user name and password from a user; and 

determining whether the user account is valid. 
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Background Of The Invention 
[001] 1. Field of the Invention. 

1002] This invention relates generally to network conununication systems. In 
particular, this invention relates to an Internet privacy system capable of operating across 
multiple platforms. 



[003] 2. Related Art. 

1004] As the global computer network known as the Internet continues to grow 
globally at a rapid pace, an increasing number of people and businesses from around the 
world are accessing the Internet for both business and personal activities. As a result, the 
Internet has become a virtual community were people communicate with each other by 
sending and receiving electronic, voice and image messages for business and pleasure. 
These communications include sharing ideas and information, sending personal and 
business message back and forth, researching infonnation. expressing opinions and ideas 
both personal and political, and conducting business negotiations and transactions 
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(generally known as "electronic commerce" or "e-commerce"). In response to this new 

electronic activity, business, governments and certain individuals attempt to identify and 

track individual Internet users for numerous purposes including, but not limited to, 

advertising, market research, customizing infonnation of Internet sites (i.e., "websites") 

snooping and ease dropping on communications, political and law enforcement activities, 

fraud and malicious activities. Many of these attempts are threats to the individual users 

of the Internet because they attempt to gain personal infonnation about the user and the 

user's activities on the Internet (generally referred to as the user's "online activities") 

typically without the user's express consent or knowledge. 

(005) These threats typically gain infonnation about the user by logging a user's 
hitemet Protocol ("IP") address (the electronic address that specifically identifies a user's 
computer to the network) or by installing programs or files on to the user's computer 
such as "cookies." ActiveX™ applications, Java™, script files, Spyware, or hostile 
programs such as vinises. These threats allow an outside user, be it a govenunent, 
business, or individual entity, to perforai such tasks as identify a user, obtaining the 
user's personal infonnation that is stored on the computer (including names, address, 
financial, private files, and/or other confidential, private and/or sensitive infonnation), 
and track the user's activities on the hitemet includmg recording every website visited or 
every email sent or received by the user. Malicious programs such as vinises may also be 
installed on the user's computer that can modify, erase or destroy the user's operating 
system of personal files. 
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[0061 Unfortunately, most people that utilize the Internet do not understand 
technically how networks such as the Internet fiinction nor do they generally appreciate 
the number and types of threats that they will experience once they connect (i.e., "log- 
on") to the Internet. Past attempts at protecting users on the internet include using 
"firewalls" to block certain types of direats from the Internet, virus protection programs 
for detecting malicious programs, and spyware and cookie file removal software. 
However, these past attempts do not protect a user's identity because most of these 
approaches attempt to dismfect a user from intruders after the fact. These past 
approaches do not protect a user's identity as soon as the user connects to the Intemet 
because connected websites are able to read and identify the user's IP address among 
other things. A need therefore exist to protect a user's identity as soon as the user 
connects to the Intemet (i.e., known as "surfing the web" or "surfing the Net"). 
[007] Attempts in the past at protecting the user's identity have included allowing a 
user to connect to an intermediate server connected to the Intemet that extracted off the 
user's IP infomiation and substituted it with the IP address of the intermediate server thus 
creating an anonymous user that could then continue to surf the Net without worrying 
that their IP infomiation would be used to identify them. 

[008) Unfortunately, this approach was too technical and difficult to operate by most 
Intemet users. Therefore, there is a need for a privacy management system that solves 
the problems recited above and allows Intemet users to easily maintain thek privacy by 
utilizing an anonymous server. 
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Brief Description of the Figures 
(009] The components in the figures are not necessarily to scale, emphasis instead 
being placed upon illustrating the principles of the invention. In the figures, like 
reference numerals designate corresponding parts throughout the different views. 
[010] FIG. 1 shows a block diagram an example implementation of the invention. 
(OllJ FIG. 2 shows a flow chart of an example process perfoimed by a Startup 
Wizard Module. 

[0121 FIG. 3 shows a flow chart of an example process perfonned by a Startup 
Module. 

1013] FIG. 4 shows a flow-chart of an example process performed by a 
Login/Authentication module. 

(014} FIG. 5 shows a flow-chart of an example process performed by a Renew 
/Upgrade Module. 

[0151 FIG. 6 shows a flow-chart of an example process performed by a TCP Hook 
module. 

[016] FIG. 7 shows a flow-chart of an example process performed by a Client 
Update Module. 

1017] FIG. 8 shows a flow-chart of an example process performed by a Universal 
site key module. 

(018] FIG. 9 shows a flow-chart of an example process performed by a Non-SSL 
Module. 
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[0191 FIG. 1 0 shows a signal flow diagram for an example process performed by the 
invention for recently visited sities. 



Detailed Description 
[020] This invention describes a method for providing Internet privacy service 
which shall be described in relation to example implementation herein referred to as 
AnonPro. AnonPro may be a specific implementation of our inventions for providing 
Internet privacy services. The components described in this detailed description and 
figures are an example implementation for some of our particular applications, however, 
the technologies and inventions described herein are much more general. The 
components are generally a network level traffic interceptor (client side), a client proxy, a 
server proxy, an SSL module, and some web based services (such as the user 
authentication, server lists, recommended site settings lists etc.). Generically speaking, 
the combination of the components is an "Internet privacy system." The cliem part is 
"Intemet Privacy Client", whUe the server proxy is "Internet Privacy remote proxy." In 
the description of this invention we often refer to registry entries or other specific ways of 
storing information. In all cases this information could be stored in any number of ways 
including m flat files, indexed files, local or remote databases, among others. In the 
description of this invention we often refer to cookies. Many other infonnation transfer 
techniques could be used in place of cookies including HTML headers, changes to URLs 
or other addresses, any other standard or custom message or data structure. In the 
description of this invention we often refer to XML data structiires. In general tiiese 
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structures could be replaced with any other kind of data structure, including other 
standard and non-standard, encrypted and non-encrypted structures. CA stands for 
"Certificate Authority" and refers to an entity or encryption key used for signing other 
keys such as SSL keys. 

(021] Additionally, The AnonPro Server Proxy (also known as the "Internet Privacy 
Remote Proxy") is a system that relays data from the client on the user's PC to the 
computer hosting the content or service the user is trying to access through the system's 
Internet Privacy System (the Destination). The proxy acts to hide the user's IP address 
and may perform other actions based on the content of the request or the contents of the 
reply from the Destination. These actions may include adding, changing, or removing 
text, data, information, scripts or other content from either the data from the user to the 
destination, or from the destination back to the user. The Internet Privacy Remote Proxy 
is not used in all modes of the Internet Privacy Client. In some modes the Internet 
Privacy Client connects directly to the Destination. Whether or not the Internet Privacy 
Remote Proxy is used depends on the privacy settings the user has set for that particular 
site. The Internet Privacy Remote Proxy is only used if the hiding of the user's IP, or the 
other changes the Remote Proxy makes to the data, are required for the particular 
settings. Otherwise the connection is direct. 

(0221 This invention builds on the features and functions of previous projects such 
as Anonymizer 2.0 (designed and operated by Anonymizer. Inc. of San Diego, 
California). Some components in the proxy server may need to be modified and at this 
point it is not known what the scope is. 
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(023) The main goal of this invention is to shield the user from the various threats 

presented when using the Internet as shown in FIG. 1. To achieve this we embed 

ourselves in the tcp layer of the system and route the client's data to a transparem proxy 

running on the client. The client proxy may determine what filters to apply based on the 

users settings and then forward the data to the anonymizer proxy to perform additional 

security measures. The server cert will be used to do silent SSL connections with the 

Web-Server to send useniames, passwords etc. 

[0241 In FIG. 2 a Startup Wizard Module is described. When the client is started, it 
is loaded into the system tray and displayed as an icon, hnmediately after that, the cUent 
checks to see if the client is being run for the first time if so the client startup wizard 
(REFERENCE SCREEN SHOT) is invoked. The wizard will check for an Internet 
connection and prompt the user to open one if no such connection is found. Next it will 
prompt the user to enter his/her registration this will be posted to the registry value 
Account Creation URI. widi a query string like "?action=regval&regcode=<registration 
code>" this will return a document Account Creation URL return A return value of 0 
means the key is invalid and a message should be displayed followed by reprompt for key 
otherwise the product edition is to be stored in the registry ( ProductTvpe ) and the public 
key for the user will be stored in the registry (Anon Pub Kev ) and the user wUl start the 
account creation process. The wizard will ask the user if he/she is new or existing if they 
are existing they will be prompted for their usemame and password if they are a new user 
they will be prompted for their desired usemame, password, password confirmation and 
optional email address. The wizard will verify that the two passwords match throwing an 
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error message if they don't then lookup the account creation URL 

(Account Creation . URIQ and do a https post to it passing in the user info as a query 

string if renew flag is o like 

querystring="?action=createacct&renewflag=<renewflag>&reinstallflag=<reinstaliflag> 
&uname=<usemame>&passwd=<password>&email=<email>" where <renewflag> is 
either 0 for new user or 1 for existing and <reinstallflag> is 0 for unused registration key 
and 1 for a used registration key. This post will return an XML document 
Account Creation URL return. The wizard will then prompt the user if he/she would like 
the system to start when windows starts (or they login). We will also prompt for auto 
update on or off and write that into the Auto update registry entry. Next we will prompt 
to see if we should show the privacy monitor on startup. Now we need to prompt the user 
to see if the default state of the system is on or off and store the result in the Default state 
registry entry. Finally we will prompt the user to see if we should run the other programs 
on exit or not. 

10251 FIG.3 shows a flow-chart for a process performed by a startup module. The 
startup module handles the flow of the client when it starts. First it will call the universal 
site key module then it will check the Auto login registry setting to see if it should 
prompt for the usemame and password. If Auto_Login is enabled the Anon Uname and 
Anon Password will be passed to the Login/Authentication Module. If Auto_Login is not 
enabled then we will use the Anon Pub Kev to encrypt the usemame and password that 
the user entered and pass those values to the Login/Authentication Module. If the return 
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value of the module is not success then we may throw an error message and reprompt for 

the usemame and password. 

[0261 FIG. 4 shows a flow-chart of an example process performed by a 
Login/Authentication module. This module may be called whenever a client process (i.e 
Client Proxy or the SSL server, etc... ) wants to login to the anonymizer service and 
receive an APAuth cookie to proceed. If auto login is on the calling process should pass 
Anon Uname and Anon Password in as the parameters. If the autojogin is not set the 
calling process will prompt the user for the user name and password and then encrypt 
them using Anon Pub Key these will then be passed in as iJarameters. The module 
when called will do a silent HTTPS post to Login URL with querystring like 
"?uname=<usemame> & passwd=<password>". The output of this post will be xml in 
this form: 
1027] <root> 

[028] <status>invalid||explred||inactive||active</status> 
[029] </root> 

[030] If successful APAuth and APMeta-Auth will be set and we should parse out 
the <tos> value from the APAuth cookie. This value will be stored in the ProductTvoe 
registry entry. If not successful we will check to see if the user is expired if so call the 
update/renew module. If there is any other error it will be returned to the calling process, 
which will be responsible for re-prompting the user for his/her info. 
[031] FIG. 5 shows a flow-chart of an e^^ample process performed by a Renew 
/Upgrade Module. This module will be called whenever we want to prompt the user to 
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upgrade or renew their product. When invoked it will open the default browser with the 
Signup URL that we have stored in the registry posting the following query string like 
"?uname=<encrypted usemame>". From here the user will select the edition he/she 
wants to renew or upgrade and enter his/her info. Upon successful completion it will 
prompt the user to restart the client. 

[032] FIG. 6 shows a flow-chart of an example process performed by a TCP Hook 
module. This module is responsible for hooking all the necessary tcp layer calls and 
redirecting the data to the client proxy module. When the browser tries to connect a 
socket the TCP Hook module will intercept the call and examine the port number. If it is 
80 it will redirect the socket to localhost with the port set to the registry value (http portV 
If it is port 443 it will redirect the socket to localhost with the port set to the registry 
value (https port). If it is any other port it will redirect to localhost with port 8080. 
[033J FIG. 7 shows a flow-chart of an example process performed by a Client 
Update Module. When the client update module is called it will make a silent http post to 
the Update URL . This script will return any new list versions and a bin_notice with a 
bin_url based off the information in the AnonPro cookie. If Auto update p rompt is set to 
1 then we will pop up a dialog to see if we should update the lists. If they answer yes we 
proceed if they answer no we do no update. Before writing each list mto the registry we 
will read TrustedList, ProtectedList. BlockedList and ServerList from the registry and 
check for modifications or deletions by the user. If the user has done either of these then 
their changes should persist. If we have parsed out a bin_notice and bin_url then we will 
pop up a dialog informing the user of the binary update and asking them if they would 
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like to doAvnload it If they choose ok we will open the default browser and navigate to 
thaturl. 

[0341 A client Proxy Module is to be run possibly separate from the client When 
the client proxy module starts up it will read the TrustedList. ProtectedList and the 
BlockedList from the registry in order to populate our per site preferences cache. 
(035) FIG. 8 shows a flow-chart of an example process performed by a Universal 
site key module. This module will be invoked once on startup to generate a new universal 
site key to use for the current session. This key will be used to forge the identity of all ssl 
servers the client tries to connect to. It wiU be invoked as a low priority thread to run in 
the background and generate the key. Once the process is finished it will swap the new 
key for the current one and exit To generate this key pair we may use the OpenSSL 
functions to create the RSA key pair. Once generated this key pair is it will be stored 
encrypted using the SHA-1 hash of the usemame and password in AnonPro Home 
Directory\ sites. We will also write a function to generate the site certificates when we 
need them. This will just take the domain name as a parameter that will be inserted into 
the cert template and then signed by the secret key generated above. We could also 
generate a seperate key for each site, or generate a single key for use with all sites. This 
technique is quite general. 

[036] A SSL module is responsible for the handling of all data passed through on a 
secure connection. 

1037) FIG. 9 shows a flow-chart of an example process perfonned by a Non-SSL 
Module. This module is responsible for the handling of all data passed through that is not 
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on a secure connection. Generally, its responsibility will be adding and removing headers 
as well as streaming the data through the filter module and the anonymizer proxy. 
During the processing of the request this module will prune the url down to its top level 
domain and enter it into the recently visited sites cache ( Recently visited siteg^ h will 
also run the top level domain through the per-site settings cache to see if there is a match. 
If there is we will apply those security settings to this request if there isn't we will use the 
global settings ( Security Level ) . Once we have applied all of our security filters we 
will forward the request to the anonymizer proxy. When we receive the response from 
the anonymizer proxy we will do a second pass on our filters applying those that are 
relevant to incoming requests. FinaUy we will return the requested web resource to the 
browser. 

(038J A Filtering Module is the module responsible for filtering the content 
requested by the user. If will remove items such as ads, popups etc... (Refer to the 
requirements features matrix ). We will update the PaeesBlocked. ActveContentBlcked. 
AdsBlocked and PopupsBlocked to reflect what we have done. This can be updated either 
on a per item (meaning every time somethuig is blocked you update the count) or on a 
per page basis (meaning you keep counts for every page and update the counts after the 
page is finished loading). If while filtering we encounter a request that is on the blocked 
list we wiU redirect to Never List Redirect IIRI. if it is a url or redirect to 
Never List Redirect Image if it is a request for an image. If OS hiding is active we will 
replace the OS in the headers with OS Hiding Name . Similarly if leferrer hiding is 
active we will replace the referrer header with Referring Hidinp Namp 
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I039J As per request preferences, the CUent has to pass the following settings to the 
Proxy for each web-page request: IP-Hiding; SSL Fulltime; Active X Filter; Java Filter; 
JS filter; VB filter; Safe cookies; and other options or preferences. The client should 
send an HTTP header with each web request that wiU contain a bit-mask specifying what 
security options will be applied by the proxy on the returned web-page that the use has 
requested such as: 

1040] For example in URL encryption, the the public key is stored by anonpro client 

in a cookie. The proxy will then pick up this cookie. (Currently the toolbar does it this 

way - but not with an XML structured cookie). 

(041) Preferences 

[042] Trusted List / Protected List 

[043] - check "Blocked" list, then check "protected" list, then check "trusted" list 

[044] . if URL is listed in the "blocked" list 

l®*^! if it is the HTML mail page - popup a framing 

[046] if it is just an image, replace the image with an "anonpro" image 

[047] Ifthe URL is listed in the "protected" list: 

[048] Check the "per site" preferences 

[049] If no "per site" preferences, then use what the current preferences are. 

[050] FIG. 10 shows a signal flow diagram for an example process performed by the 
invention for recently visited sities. Whenever a request is made for a web page the 
address is placed inside our cache, we may schedule a thread that will run somewhat 
frequemly to go through the cache using our url pruning algorithm to strip down to top 
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level domains removing duplicate entries and placing any new domains into the recent 
hash map. 

[0511 It is appreciated by those skilled in the art that the AnonPro Client may run on 
multiple platforms including Microsoft® Windows 98®. Windows NT®, Windows 
2000®, Windows XP®, Apple operating systems such as OS 7, OS 8, OS 9, OS 10, Unix 
based operating system, Linix based operating systems or any other similar type of 
operating system used at present or in the future. The software may operating in any 
language. It is also appreciated that this system is secure. Therefore, To make 
communication as secure as desired for the client, the system has two levels of end user 
access security. In the AnonPro Client, there are the following security components: 
Application Layer Security and Network Security. Because of the nature of the system 
there should be established a trust relationship between the users and the products servers 
(Anonymizer Proxy, Anonymizer Web-Server) to grant access privilege and subsequent 
ability to protect the transactions. Various security means are used to assure recipients 
that message comes from a sender whose identity is validated and that its contents have 
not been tampered with during the transmission such as, for example, User-ID/Password 
Authentication and SSL. Every product session is fiilly protected by using encryption 
technology. We may use Secure Sockets Layer (SSL), which is widely adopted standard 
in industry, to encrypt data transmitted between a client and the <pioduct> data center. 
128-bit RC4 encryption mechanism in SSL is used to provide strong encryption. For the 
web access application, you have to have a Web Browser that supports 128-bit SSL, All 
the most popular Browsers support 128-bit SSL in recent versions. 
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[052] Usemame and password is used in authentication, but password is not passed 

in clear over the network even though it is protected by SSL link. Instead, in AnonPro 

Client, it is hashed, and he resulting "digest" is then sent over the network. When it 

arrives at the server site, server checks it to against the saved digest on the server 

database. 

[053] The processes described in may be performed by hardware or software. If the 
process is performed by software, the software may reside in software memory (not 
shown) in the controller, memory, or an removable memory medium. The software in 
memory may include an ordered listing of executable instructions for implementing 
logical functions (i.e., "logic" that may be implement either in digital form such as digital 
circuitry or source code or in analog form such as analog circuitry or an analog source 
such an analog electrical, sound or video signal), may selectively be embodied in any 
computer-readable (or signal-bearing) medium for use by or in connection with an 
instruction execution system, apparatus, or device, such as a computer-based system, 
processor-containing system, or other system that may selectively fetch the instructions 
fix)m the instruction execution system, apparatus, or device and execute the instructions. 
In the context of this document, a "computer-readable medium" and/or "signal-bearing 
medium" is any means that may contain, store, communicate, propagate, or transport the 
program for use by or in connection with the instruction execution system, apparatus, or 
device. The computer readable medium may selectively be, for example but not limited 
to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, 
apparatus, device, or propagation medium. More specific examples "a non-exhaustive 
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list" of the computer-readable medium would include the following: an electrical 
connection "electronic" having one or more wires, a portable computer diskette 
(magnetic), a RAM (electronic), a read-only memory "ROM" (electronic), an erasable 
programmable read-only memory (EPROM or Flash memory) (electronic), an optical 
fiber (optical), and a portable compact disc read-only memory "CDROM" (optical). Note 
that the computer-readable medium may even be paper or another suitable medium upon 
which the program is printed, as the program can be electronically captured, via for 
instance optical scanning of the paper or other medium, then compiled, interpreted or 
otherwise processed in a suitable manner if necessary, and then stored in a computer 
memory. 

[054] In general, the system described provides for Consensual Man in the Middle 
Attack by using used to rewrite pages, on the fly creation of site SSL certificates, CA cert 
to sign all SSL site certificates, CA cert is generated per user, CA cert is automatically 
installed in the browser and SSL page rewriting. Where the SSL page rewriting included 
the Client decrypting SSL pages to rewrite before re-encrypting and sending to proxy or 
end web site. 

[055] The system also provides for the Client to Insert information into data stream 
from browser to Internet through any kind of Header or by inserting cookies. The 
cookies may include authentication / access rights information and preferences 
information and utilize XML and encryption. 
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[056] The system may also provides for a TCP level hook for privacy service that 
includes the Hook redirecting traffic to a local proxy on the user's machine, the Client 
proxy redirecting traffic to Anonymizer proxy and the TCP hook allows IP hiding. 
[057] The system may also provides for a Full time SSL without URL prefixing. 
[058] The system may also provides for making cookies session only and/or change 
cookie expiration date. 

[059] The system may also provides for gathering and generation Privacy Statistics 
that include Per site privacy statistics, a Privacy Analyzer real time threat display, and 
automated site threat analysis and rating. 

[060] The system may also provides for setting per site privacy settings that include 
white lists, black lists, detailed custom settings, "Show details" functionality, 
recommended site settings list that include automatically updated and downloaded 
settings, and hard coded Site settings that can't be changed by user have preset defaults 
and an exception list for some sites. 

[061] The system may also provides for the Client to keep a list of alternate access 
names / IP addresses for accessing servers. The Client may tries all addresses one after 
another and/or each user gets a different set of access addresses. 
[062] The system may also provides allows install on many computers while detect 
and prevent multiple simultaneous users. 

[063] The system may also provides allows Client Javascript [script] rewriting. 
[064] The system utilizes a novel GUI design to manage information. 
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[065J While various embodiments of the application have been described, it will be 

apparent to those of ordinary skill in the art that many more embodiments and 

implementations are possible that are within the scope of this invention. Accordingly, the 

invention is not to be restricted except in light of the attached claims and their 

equivalents. The foregoing description of an implementation has been presented for 

purposes of illustration and description. It is not exhaustive and does not limit the 

claimed inventions to the precise form disclosed. Modifications and variations are 

possible in light of the above description or may be acquired from practicing the 

invention. For example, the described implementation includes software but the 

invention may be implemented as a combination of hardware and software or in hardware 

alone. Note also that the implementation may vary between systems. The claims and 

their equivalents define the scope of the invention. 
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